hbase-user mailing list archives

On Mon, Jul 18, 2011 at 9:25 AM, David Capwell <dcapwell@yahoo-inc.com>wrote:
> HBase does work on Hadoop with Security, but you will need the following in
> your hbase-site.xml
>
> <property>
> <name>hbase.master.keytab.file</name>
> <value>/path/to/keytab/hbase.keytab</value>
> </property>
> <property>
> <name>hbase.master.kerberos.principal</name>
> <value>hbase/_HOST@EXAMPLE.COM</value>
> </property>
> <property>
> <name>hbase.regionserver.keytab.file</name>
> <value>/path/to/keytab/hbase.keytab</value>
> </property>
> <property>
> <name>hbase.regionserver.kerberos.principal</name>
> <value>hbase/_HOST@EXAMPLE.COM</value>
> </property>
>
> You need to set up a keytab for each box running hbase and you will need
> kerberos server and replace EXAMMPLE.COM<http://EXAMMPLE.COM> with the url
>
> Also with Yahoo!'s version, there is no append support so there is a risk
> of data loss. If this is just for testing/experimentation then that is
> fine, but if you want this to go into production you might want to look into
> Cloudera's latest release that has append + security.
>
>
Yes, if you have HDFS security enabled
(hadoop.security.authentication=kerberos), you will need these configuration
entries (and appropriate keytab files) for the HBase daemons to authenticate
with HDFS.
Sorry this part of the setup is pretty undocumented at the moment. We'll be
filling that in in the near future. In the meantime, please ask questions
if you run into any issues or get stuck.